Updated September 25, 2023 - 6:25 pm
Lawsuits filed against some of the biggest names on the Las Vegas Strip allege the gaming companies failed to protect customer data during recent cyberattacks.
Five class action lawsuits filed in Nevada District Court last week say that Caesars Entertainment and MGM Resorts International failed to protect the personal identifiable information of loyalty program customers whose data may have been compromised during separate attacks made public this month.
The law firms Stranch, Jennings and Garvey PLLC, a Las Vegas practice, and Kopelowitz Ostrow Ferguson Weiselberg Gilbert, a Florida practice, filed four lawsuits — two against Caesars and two against MGM — on Thursday. A fifth lawsuit was filed Friday against Caesars by Reno-based O’Mara Law Firm and Chicago-based Barnow and Associates.
The law firms, which represent plaintiffs living in various states across the country, declined to comment or didn’t immediately respond to requests for comment. Both MGM and Caesars did not respond to requests for comment.
MGM says computer systems are now operating normally, including company email. Check-in lines at both Mandalay Bay and Bellagio, on Monday afternoon were long, while paid parking, which had been down through much of the ordeal, appeared to be working. Slot machines at the properties also appeared to be functioning as normal.
The lawsuits allege the companies knew or should have known the importance of safeguarding the personal information it held, and that they failed to comply with Federal Trade Commission guidelines and industry standards. The plaintiffs allege they are now more vulnerable to identity theft.
In the two Stranch lawsuits filed against Caesars, the plaintiffs are Alexis Giuffre, a two-year Caesars Rewards member from Kane County, Illinois, and Paul Garcia, a 12-year member of Caesars Rewards from Denver. Plaintiffs in the fifth lawsuit, filed by the O’Mara Law Firm, are Illinois residents Thomas and Laura McNicholas.
In the two lawsuits filed against MGM, the plaintiffs are Louisiana resident Emily Kirwan and Mississippi resident Tonya Owens.
Caesars publicly detailed a social engineering cyberattack on the company in a Securities and Exchange Commission filing on Sept. 14. The company said a Sept. 7 investigation determined an attacker acquired a copy of the Caesars Rewards loyalty program database, which includes driver’s license and Social Security numbers.
Meanwhile MGM, the state’s largest employer and the operator of 10 Strip resorts from the high-end Bellagio to the more family-friendly Excalibur, has been working through a cyberattack launched Sept. 10 that kept systems offline for nine days.
Eastern European hacker gangs ALPHV and Scattered Spider have claimed responsibility for the attacks. Caesars reportedly paid a multimillion-dollar ransom to free its systems before much damage could be done, while it’s unclear if MGM considered paying a ransom. Notably, both companies are being sued despite their apparently different approaches to the separate attacks.
McKenna Ross is a corps member with Report for America, a national service program that places journalists into local newsrooms. Contact her at firstname.lastname@example.org. Follow @mckenna_ross_ on X. Assistant Business Editor Richard N. Velotta contributed to this report.